CVE-2026-46232
Analyzed Analyzed - Analysis Complete
HID PlayStation Driver Touch Report Array Overflow

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46232
EUVD
EUVD-2026-32859
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.32 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.90 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of PlayStation controller touch reports. Specifically, the function dualshock4_parse_report processes touch input data from the device. If a device falsely reports the number of touch reports, the function may read beyond the allocated touch_reports array, potentially up to about 2 KiB of memory. This happens because the loop iterates up to the reported number of touch reports without proper validation. The vulnerability is mitigated by clamping the num_touch_reports value to the maximum size of the touch_reports array, preventing out-of-bounds reads.

Impact Analysis

If exploited, this vulnerability could cause the Linux kernel to read memory beyond the intended buffer when processing touch input from a PlayStation controller. This out-of-bounds read could potentially expose sensitive kernel memory data or cause system instability. The data read might be emitted via the evdev interface, which could lead to unintended information disclosure or other unpredictable behavior.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart